Analysis

Category Started Completed Duration
FILE 2023-11-15 11:41:05 2023-11-15 11:41:05 0 seconds


MalScore

1.6

Benign

File Details

File Name hdwwiz.exe
File Size 77824 bytes
File Type PE32+ executable (GUI) x86-64, for MS Windows
MD5 7de017df8d0ecfd5e4d901d53bd50f81
SHA1 6b297f20f5fe8ac9730e6581139b83ec9ce048cd
SHA256 79ce21b1dc200d81018d1421b11944e6ac454cd54c541b222f1ed1cd08d0fc86
SHA512 bd151ed61c50239beb7ae4445ee076dcab2303564bf2cd2acaf064d9fa4edac4765c9a2212665e6a87b31d1a3cb2a4716faf3b2826469c4cd4a0f6da9c840241
CRC32 E639A6FC
Ssdeep 384:D5l8toF7JMWW2nw0W6yWT4650Ingu+n6aJTIXFJhjhxhWM1hvYvfeHviODnMObvt:D5+o3bws/4G0In3BhzhWM1GOVz17
ClamAV None matched
Yara None matched

Signatures

Anomalous binary characteristics
anomaly: Timestamp on binary predates the release date of the OS version it requires by at least a year (PE compile time 1971-11-10 04:30:12 against a minimum OS version of 10.0 and a FileVersion of 10.0.22621.1). Microsoft's reproducible builds populate the COFF TimeDateStamp with a build hash rather than a real time, so on a Microsoft binary this stamp is expected; verify provenance by Authenticode signature or by comparing the hashes above against a known-good copy, not by the timestamp.
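The signature above compares the COFF TimeDateStamp with the release date of the OS version named in the optional header. The script below is an added example, not part of this Cuckoo report or its signature modules: it reimplements that rule with a hand-rolled PE32/PE32+ header parser and then qualifies the verdict with the check a practitioner wants here, namely whether the debug directory carries an IMAGE_DEBUG_TYPE_REPRO entry (type 16), which Microsoft's reproducible builds add when they replace the timestamp with a build hash. The OS release-date table, the `build_sample_pe` helper and the sample images it produces are constructed for the example and are not hdwwiz.exe; the 1971-11-10 04:30:12 stamp is taken from the report.

```python
import struct
from datetime import datetime, timezone

# Debug-directory entry type added by Microsoft's deterministic builds; when present,
# the COFF TimeDateStamp is a hash of the build, not a real time.
IMAGE_DEBUG_TYPE_REPRO = 16

# Release dates keyed by (MajorOperatingSystemVersion, MinorOperatingSystemVersion).
# Constructed for this example; Windows 11 also reports 10.0, so 10.0 maps to the
# earliest Windows 10 release and the rule errs on the conservative side.
OS_RELEASE = {
    (5, 1): datetime(2001, 10, 25, tzinfo=timezone.utc),  # Windows XP
    (6, 1): datetime(2009, 10, 22, tzinfo=timezone.utc),  # Windows 7
    (6, 2): datetime(2012, 10, 26, tzinfo=timezone.utc),  # Windows 8
    (6, 3): datetime(2013, 10, 17, tzinfo=timezone.utc),  # Windows 8.1
    (10, 0): datetime(2015, 7, 29, tzinfo=timezone.utc),  # Windows 10 / 11
}

# The compile time the report shows for hdwwiz.exe, as a Unix timestamp.
REPORTED_STAMP = int(datetime(1971, 11, 10, 4, 30, 12, tzinfo=timezone.utc).timestamp())


def parse_pe(data: bytes) -> dict:
    """Read the fields the rule needs from a PE32 or PE32+ image (no third-party parser)."""
    if data[:2] != b"MZ":
        raise ValueError("missing MZ signature")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff = e_lfanew + 4
    _, nsections, stamp, _, _, opt_size, _ = struct.unpack_from("<HHIIIHH", data, coff)
    opt = coff + 20
    pe32plus = struct.unpack_from("<H", data, opt)[0] == 0x20B
    os_version = struct.unpack_from("<HH", data, opt + 40)  # same offset in PE32 and PE32+
    dd = opt + (112 if pe32plus else 96)                    # start of the data directories
    dbg_rva, dbg_size = struct.unpack_from("<II", data, dd + 6 * 8)  # IMAGE_DIRECTORY_ENTRY_DEBUG
    sections = []
    for i in range(nsections):
        _, vsize, va, rawsize, rawptr = struct.unpack_from("<8sIIII", data, opt + opt_size + 40 * i)
        sections.append((va, max(vsize, rawsize), rawptr))

    def rva_to_offset(rva: int) -> int:
        for va, size, rawptr in sections:
            if va <= rva < va + size:
                return rva - va + rawptr
        raise ValueError(f"RVA {rva:#x} outside every section")

    repro = False
    for n in range(dbg_size // 28):  # each IMAGE_DEBUG_DIRECTORY entry is 28 bytes, Type at +12
        if struct.unpack_from("<I", data, rva_to_offset(dbg_rva) + n * 28 + 12)[0] == IMAGE_DEBUG_TYPE_REPRO:
            repro = True
    return {"timestamp": stamp, "os_version": os_version, "reproducible_build": repro}


def analyze(data: bytes) -> dict:
    """Apply the sandbox rule, then qualify it with the reproducible-build marker."""
    pe = parse_pe(data)
    compiled = datetime.fromtimestamp(pe["timestamp"], tz=timezone.utc)
    release = OS_RELEASE.get(pe["os_version"])
    anomalous = release is not None and (release - compiled).days >= 365
    if anomalous and pe["reproducible_build"]:
        verdict = "expected: deterministic-build hash in TimeDateStamp, not a real time"
    elif anomalous:
        verdict = "suspicious: stamp predates the required OS and no repro marker explains it"
    else:
        verdict = "ok"
    return {"compile_time": compiled.isoformat(), "required_os": pe["os_version"],
            "anomalous": anomalous, "reproducible_build": pe["reproducible_build"], "verdict": verdict}


def build_sample_pe(stamp: int, os_major: int = 10, os_minor: int = 0, repro: bool = True) -> bytes:
    """Constructed minimal PE32+ (one .rdata section) for the example; not hdwwiz.exe."""
    dos = bytearray(0x40)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 0x40)                          # e_lfanew
    opt_size = 112 + 16 * 8                                          # PE32+ header + 16 directories
    coff = struct.pack("<HHIIIHH", 0x8664, 1, stamp, 0, 0, opt_size, 0x22)
    opt = bytearray(opt_size)
    struct.pack_into("<H", opt, 0, 0x20B)                            # PE32+ magic
    struct.pack_into("<Q", opt, 24, 0x140000000)                     # ImageBase
    struct.pack_into("<II", opt, 32, 0x1000, 0x200)                  # Section/File alignment
    struct.pack_into("<HH", opt, 40, os_major, os_minor)             # MajorOperatingSystemVersion.Minor
    struct.pack_into("<I", opt, 108, 16)                             # NumberOfRvaAndSizes
    if repro:
        struct.pack_into("<II", opt, 112 + 6 * 8, 0x1000, 28)        # debug directory -> .rdata
    sec = struct.pack("<8sIIIIIIHHI", b".rdata", 0x200, 0x1000, 0x200, 0x200, 0, 0, 0, 0, 0x40000040)
    headers = (bytes(dos) + b"PE\0\0" + coff + bytes(opt) + sec).ljust(0x200, b"\0")
    rdata = bytearray(0x200)
    if repro:  # one IMAGE_DEBUG_DIRECTORY entry of type REPRO
        struct.pack_into("<IIHHIIII", rdata, 0, 0, stamp, 0, 0, IMAGE_DEBUG_TYPE_REPRO, 0, 0, 0)
    return headers + bytes(rdata)


if __name__ == "__main__":
    for label, sample in [
        ("report-like stamp, repro marker", build_sample_pe(REPORTED_STAMP, repro=True)),
        ("same stamp, no repro marker", build_sample_pe(REPORTED_STAMP, repro=False)),
    ]:
        print(label, "->", analyze(sample)["verdict"])
```

Run against a real file with `analyze(open(path, "rb").read())`. The repro marker only explains the stamp; it does not authenticate the file, so pair it with an Authenticode check or a hash comparison against a known-good copy before closing the case.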

Screenshots

No screenshots available.

Hosts

No hosts contacted.

DNS

No domains contacted.


Summary

PE Information

Image Base 0x140000000
Entry Point 0x140001150
Reported Checksum 0x0001b39e
Actual Checksum 0x0001b39e
Minimum OS Version 10.0
PDB Path HdwWiz.pdb
Compile Time 1971-11-10 04:30:12
Icon
Icon Exact Hash a7698db66488a2ab35c8302bbe546fe8
Icon Similarity Hash 28d9d08a641261d537d3588bdff99552

Version Infos

LegalCopyright © Microsoft Corporation. All rights reserved.
InternalName HdwWiz.EXE
FileVersion 10.0.22621.1 (WinBuild.160101.0800)
CompanyName Microsoft Corporation
ProductName Microsoft® Windows® Operating System
ProductVersion 10.0.22621.1
FileDescription Add Hardware Wizard
OriginalFilename HdwWiz.EXE
Translation 0x0409 0x04b0

Sections

Name Virtual Address Virtual Size Size of Raw Data Characteristics Entropy
.text 0x00001000 0x00000a40 0x00001000 IMAGE_SCN_CNT_CODE|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ 4.33
.rdata 0x00002000 0x00000bae 0x00001000 IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ 3.22
.data 0x00003000 0x00000680 0x00001000 IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE 0.05
.pdata 0x00004000 0x000000d8 0x00001000 IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ 0.31
.rsrc 0x00005000 0x0000cc58 0x0000d000 IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ 5.02
.reloc 0x00012000 0x00000030 0x00001000 IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_DISCARDABLE|IMAGE_SCN_MEM_READ 0.11

Resources

Name Offset Size Language Sub-language Entropy File type
MUI 0x00011b88 0x000000d0 LANG_ENGLISH SUBLANG_ENGLISH_US 2.70 data
RT_ICON 0x000116a8 0x00000468 LANG_ENGLISH SUBLANG_ENGLISH_US 3.56 GLS_BINARY_LSB_FIRST
RT_ICON 0x000116a8 0x00000468 LANG_ENGLISH SUBLANG_ENGLISH_US 3.56 GLS_BINARY_LSB_FIRST
RT_ICON 0x000116a8 0x00000468 LANG_ENGLISH SUBLANG_ENGLISH_US 3.56 GLS_BINARY_LSB_FIRST
RT_ICON 0x000116a8 0x00000468 LANG_ENGLISH SUBLANG_ENGLISH_US 3.56 GLS_BINARY_LSB_FIRST
RT_ICON 0x000116a8 0x00000468 LANG_ENGLISH SUBLANG_ENGLISH_US 3.56 GLS_BINARY_LSB_FIRST
RT_ICON 0x000116a8 0x00000468 LANG_ENGLISH SUBLANG_ENGLISH_US 3.56 GLS_BINARY_LSB_FIRST
RT_ICON 0x000116a8 0x00000468 LANG_ENGLISH SUBLANG_ENGLISH_US 3.56 GLS_BINARY_LSB_FIRST
RT_ICON 0x000116a8 0x00000468 LANG_ENGLISH SUBLANG_ENGLISH_US 3.56 GLS_BINARY_LSB_FIRST
RT_GROUP_ICON 0x00011b10 0x00000076 LANG_ENGLISH SUBLANG_ENGLISH_US 2.94 MS Windows icon resource - 8 icons, 256-colors
RT_VERSION 0x000055d8 0x00000394 LANG_ENGLISH SUBLANG_ENGLISH_US 3.48 data
RT_MANIFEST 0x000052d0 0x00000305 LANG_ENGLISH SUBLANG_ENGLISH_US 4.95 XML document text

Imports

Library KERNEL32.dll:
0x140002150 GetLastError
0x140002158 LoadLibraryW
0x140002160 GetProcAddress
0x140002168 ExitProcess
0x140002170 FreeLibrary
0x140002178 GetCurrentProcess
0x140002180 UnhandledExceptionFilter
0x140002188 GetTickCount
0x140002190 GetSystemTimeAsFileTime
0x140002198 GetCurrentThreadId
0x1400021a0 GetCurrentProcessId
0x1400021a8 QueryPerformanceCounter
0x1400021b0 GetModuleHandleW
0x1400021c0 GetStartupInfoW
0x1400021c8 Sleep
0x1400021d0 TerminateProcess
Library msvcrt.dll:
0x1400021e0 _fmode
0x1400021e8 _commode
0x1400021f0 ?terminate@@YAXXZ
0x1400021f8 __C_specific_handler
0x140002200 _acmdln
0x140002208 _XcptFilter
0x140002210 _amsg_exit
0x140002218 __getmainargs
0x140002220 _initterm
0x140002228 __setusermatherr
0x140002230 _ismbblead
0x140002238 _cexit
0x140002240 _exit
0x140002248 exit
0x140002250 __set_app_type
Library ntdll.dll:
0x140002260 RtlCaptureContext
0x140002268 RtlLookupFunctionEntry
0x140002270 RtlVirtualUnwind

.text
`.rdata
@.data
.pdata
@.rsrc
@.reloc
AddHardwareWizard
HdwWiz.pdb
.text$mn
.text$mn$00
.text$x
.rdata$brc
.idata$5
.00cfg
.CRT$XCA
.CRT$XCAA
.CRT$XCZ
.CRT$XIA
.CRT$XIAA
.CRT$XIY
.CRT$XIZ
.gehcont
.gfids
.rdata
.rdata$voltmd
.rdata$zzzdbg
.xdata
.idata$2
.idata$3
.idata$4
.idata$6
.data
.pdata
.rsrc$01
.rsrc$02
GetLastError
LoadLibraryW
GetProcAddress
ExitProcess
FreeLibrary
KERNEL32.dll
_XcptFilter
_amsg_exit
__getmainargs
__set_app_type
_exit
_cexit
_ismbblead
__setusermatherr
_initterm
__C_specific_handler
_acmdln
_fmode
_commode
?terminate@@YAXXZ
msvcrt.dll
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
ntdll.dll
Sleep
GetStartupInfoW
SetUnhandledExceptionFilter
GetModuleHandleW
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
GetTickCount
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
PPP EDF@658@+*.
hdwwiz.cpl
VS_VERSION_INFO
StringFileInfo
040904B0
CompanyName
Microsoft Corporation
FileDescription
Add Hardware Wizard
FileVersion
10.0.22621.1 (WinBuild.160101.0800)
InternalName
HdwWiz.EXE
LegalCopyright
Microsoft Corporation. All rights reserved.
OriginalFilename
HdwWiz.EXE
ProductName
Operating System
ProductVersion
10.0.22621.1
VarFileInfo
Translation
en-US
No antivirus signatures available.

TCP

No TCP connections recorded.

UDP

No UDP connections recorded.

HTTP Requests

No HTTP requests performed.

SMTP traffic

No SMTP traffic performed.

IRC traffic

No IRC requests performed.

ICMP traffic

No ICMP traffic performed.

CIF Results

No CIF Results

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Suricata HTTP

No Suricata HTTP

Suricata Extracted Files

No Suricata extracted files.

Dropped Files

No dropped files.

Processing ( 0.614 seconds )

  • 0.27 VirusTotal
  • 0.187 Static
  • 0.143 peid
  • 0.006 AnalysisInfo
  • 0.004 TargetInfo
  • 0.003 Strings
  • 0.001 Debug

Signatures ( 0.022 seconds )

  • 0.005 antiav_detectreg
  • 0.002 persistence_autorun
  • 0.002 antiav_detectfile
  • 0.002 infostealer_ftp
  • 0.001 tinba_behavior
  • 0.001 rat_nanocore
  • 0.001 antianalysis_detectfile
  • 0.001 antianalysis_detectreg
  • 0.001 browser_security
  • 0.001 disables_browser_warn
  • 0.001 infostealer_bitcoin
  • 0.001 infostealer_im
  • 0.001 infostealer_mail
  • 0.001 ransomware_extensions
  • 0.001 ransomware_files

Reporting ( 0.004 seconds )

  • 0.004 JsonDump
Task ID 2438
Mongo ID 655502b62694ed5bda0b5ea2
Cuckoo release 1.3-NG